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DETAILED ACTION 

1. Claims 1-4, 6, 8-21, 23, 25-38, 40, and 42-51 are pending. 

2. The Pre-Appeal Brief request filed 11/14/2006 has been 
received and considered. Prosecution is hereby reopened. 

Claim Rejections - 35 USC § 103 

3. • The following is a quotation of 35 U.S.C. 103(a) which 
forms the basis for all obviousness rejections set forth in this 
Office action: 

(a) A patent may not be obtained though the invention is not identically 
disclosed or described as set forth in section 102 of this title, if the 
differences between the subject matter sought to be patented and the prior 
art are such that the subject matter as a whole would have been obvious at 
the time the invention was made to a person having ordinary skill in the 
art to which said subject matter pertains. Patentability shall not be 
negatived by the manner in which the invention was made. 

4. Claims 1-3, 6, 8, 10-12, 15-16, 18-20, 23, 25, 27-29, 32- 
33, 35-37, 40, 42, 44-46, and 49-50 rejected under 35 

U.S.C. 103(a) as being unpatentable over McNeil et al . (US 
6167052) in view of Kagemoto et al . (US 6584069). 

As per claims 1,18, and 35, McNeil et al. discloses a 
method of controlling information flow through a firewall 
comprising: determining a first incoming packet community set 
(PCS) of a first data packet received on an interface of said 
firewall (see column 8 line 50 through column 9 line 7); 
discarding said first data packet in response to detecting said 
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PCS is not a subset of an interface community set (IFCS) of said 
interface (see column 8 line 50 through column 9 line 7); 
processing said first data packet in response to detecting said ■ 
first incoming PCS is a subset of said IFCS, wherein said 
processing comprises: matching said first data packet to a first 
rule of a plurality of rules of said firewall (see column 9 
lines 38-49);' changing the first incoming PCS in the first data 
packet to an outgoing PCS (see column 1 lines 47-53) ; comparing 
said outgoing PCS with a destination community set of said first 
data packet, prior to transmitting the first data packet to said 
destination community (see column 9 lines 8-14); discarding said 
first data packet in response to detecting said outgoing PCS is 
not a subset of said destination community set (see column 9 
lines 8-15) ; further processing said first data packet in 
response to detecting said outgoing PCS is a subset of said 
destination community set; wherein .the determining, discarding, 
and processing are performed within a single node of a network 
(see column 9 lines 1-49) . 

McNeil et al . fails to disclose comparing consecutive 
packets and filtering based on this comparison. 

However, Kagemoto et al. teaches such comparing and 
filtering (see column 4 lines 55-64). 
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At the time of the invention it would have been obvious to 
a person of ordinary skill in the art to include the filtering 
of Kagemoto et al. with the firewall system of McNeil et al. 

Motivation to do so would have been to apply the 
appropriate filtering of packets with the same content (see 
Kagemoto et al. column 4 lines 55-64). 

As per claims 2, 10, 19, 27, 36, and 44, the modified 
McNeil et al. and Kagemoto et al . system discloses wherein said 
determining comprises determining a source network address 
community set (NACS) of said first data packet (see McNeil et 
al. column 8 line 50 through column 9 line 16). 

As per claims 6, 23, and 40, the modified McNeil et al. and 
Kagemoto et al. system discloses wherein said processing further 
comprises discarding the first data packet, in response to 
determining the first ' incoming PCS does not match the second 
incoming PCS (see McNeil et al column 9 lines 1-16). 

As per claims 8, 25, and 42, the modified McNeil et al. and 
Kagemoto et al. system discloses wherein changing said first 
incoming PCS to the outgoing PCS is in further response to 
determining that said first rule includes the action of 
forwarding said first data packet (see McNeil et al. column 8 
line 50 through column 9 line 16). 
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As per claims 12, 29, and 46, the modified McNeil et al. 
and Kagemoto et al. system transmitting said first data packet 
via an output interface of said firewall in response to 
detecting said outgoing PCS is a subset of the interface 
community set (IFCS) of said output interface (see McNeil et al . 
column 8 lines 50-67); discarding said first data packet in 
response to detecting said second PCS is not a subset of said 
IFCS (see McNeil et al column 9 lines 1-16) . 

As per claims 15, 32, and 49, the modified McNeil et al. 
and Kagemoto et al. system discloses consulting a community 
information base (CIB) (see McNeil et al . column 8 line 50 
through column 9 line 49) . 

As per claims 16, 33, and 50, the modified McNeil et al. 
and Kagemoto et al. system discloses wherein said CIB includes 
community set information corresponding to network addresses, 
network services, and interfaces (see McNeil et al. column 8 
line 50 through column 9 line 49) . 

As per claims 3, 11, 20, 28, 37, and 45, the modified 
McNeil et al. and Kagemoto et al . system discloses wherein said 
determining comprises determining a source network service 
community set (NSCS) of said first data packet (see McNeill 
Abstract) . 
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5. Claims 4, 13, 21, 30, 38, and 47 are rejected under 35 
U.S.C. 103(a) as being unpatentable over the modified McNeil et 
al. and Kagemoto et al. system in further view of Kidambi (US 
6424626) . 

As per claims 4, 13, 21, 30, 38, and 47, the modified 
McNeil et al. and Kagemoto et al . system fails to disclose the 
source and destination addresses are decoded from the header. 

However, Kidambi discloses the idea of encoding the source 
and destination addresses in the header (see column 25 line 53 
through column 26 line 3) . 

It would have been obvious to one of ordinary skill in the 
art at the time the invention was filed to encode the source and 
destination addresses in the header of a data packet because 
doing so is a commonly accepted method of effectively 
transmitting the source and destination addresses . 

6. Claims 14, 17, 31, 34, 48, and 51 are rejected under 35 
U.S.C. 103(a) as being unpatentable over the modified McNeil et 
al. and Kagemoto et al . system in further view of Kisor (US 
6266773) . 

As per claims 14, 17, 31, 34, 48, and 51, the modified 
McNeil et al. and Kagemoto et al. system fails to disclose the 
use of recording an event in a security log. 
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However, Kisor teaches such a security log (see column 3 
lines 42-67) . 

It would have been obvious to one of ordinary skill in the 
art at the time the invention was filed to incorporate the ideas 
of Kisor with those of the modified McNeil et al. and Kagemoto 
et al. system and add a security log for recording an event for 
extra security and monitoring in the system. 

Response to Arguments 

7. Applicant's arguments with respect to claims 1-4, 6, 8-21, 
23, 25-38, 40, and 42-51 have been considered but are moot in 
view of the new ground(s) of rejection. 

Conclusion 

Any inquiry concerning this communication or earlier 
communications from the examiner should be directed to Michael 
Pyzocha whose telephone number is (571) 272-3875. The examiner 
can normally be reached on 7:00am - 4:30pm first Fridays of the 
bi-week off. 

If attempts to reach the examiner by telephone are 
unsuccessful, the examiner's supervisor, Emmanuel Moise can be 
reached on (571) 272-3865. The fax phone number for the 
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organization where this application or proceeding is assigned is 
571-273-8300. 

Information regarding the status of an application may be 
obtained from the Patent Application Information Retrieval 

(PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on 
access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free) . If you would 
like assistance from a USPTO Customer Service Representative or 
access to the automated information system, call 800-786-9199 

(IN USA OR CANADA) or 571-272-1000. 
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